z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Initializing the CKDS and PKDS at First-Time Startup

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

The first time you start ICSF, you must:

  • Create a cryptographic key data set (CKDS)
  • Create a PKA key data set (PKDS)
  • Enter a DES new master key into the Cryptographic Coprocessor Feature
  • Enter a new SYM-MK into each PCI Cryptographic Coprocessor, if you have PCICCs in your environment
  • Initialize the CKDS
  • Enter PKA Key Management and Signature master keys into the Cryptographic Coprocessor Feature
  • Enter a new ASYM-MK into each PCI Cryptographic Coprocessor, if you have PCICCs in your environment
  • Initialize the PKDS
Note:
Once these tasks are completed, you should enable PKA callable services and PKDS read and write access.

When you initialize the CKDS, ICSF creates a header record for the CKDS, and sets the DES master key. Keys stored in the CKDS are enciphered under the DES master key.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014